Official Node.js SDK for Scalekit — the auth stack for agents.
Authentication, authorization, and tool-calling for human-in-the-loop and autonomous agent flows.
This is the official Node.js SDK for Scalekit, — the auth stack for agents. Build secure AI products faster with authentication for humans (SSO, passwordless, full-stack auth) and agents (MCP/APIs, delegated actions), all unified on one platform. This Node.js SDK enables both traditional B2B authentication and cutting-edge agentic workflows.
- Agent Identity — Agents as first-class actors with human ownership and org context
- MCP-Native OAuth 2.1 — Purpose-built for Model Context Protocol with DCR/PKCE support
- Ephemeral Credentials — Time-bound, task-based authorization (minutes, not days)
- Token Vault — Per-User, Per-Tool token storage with rotation and progressive consent
- Human-in-the-Loop — Step-up authentication when risk crosses thresholds
- Immutable Audit — Track which user initiated, which agent acted, what resource was accessed
- Enterprise SSO — Support for SAML and OIDC protocols
- SCIM Provisioning — Automated user provisioning and deprovisioning
- Passwordless Authentication — Magic links, OTP, and modern auth flows
- Multi-Tenant Architecture — Organization-level authentication policies
- Social Logins — Support for popular social identity providers
- Full-Stack Auth — Complete IdP-of-record solution for B2B SaaS
- Node.js ≥ 18.14.1
- Scalekit account with
env_url,client_id, andclient_secret
npm install @scalekit-sdk/node
# or
yarn add @scalekit-sdk/node
# or
pnpm add @scalekit-sdk/nodeimport { ScalekitClient } from "@scalekit-sdk/node";
const scalekitClient = new ScalekitClient(
process.env.SCALEKIT_ENV_URL!,
process.env.SCALEKIT_CLIENT_ID!,
process.env.SCALEKIT_CLIENT_SECRET!
);
// use scalekitClient to interact with the Scalekit API
const authUrl = scalekitClient.getAuthorizationUrl("https://acme-corp.com/redirect-uri", {
state: "state",
connectionId: "connection_id",
});import express from "express";
import { ScalekitClient } from "@scalekit-sdk/node";
const app = express();
const scalekitClient = new ScalekitClient(
process.env.SCALEKIT_ENV_URL!,
process.env.SCALEKIT_CLIENT_ID!,
process.env.SCALEKIT_CLIENT_SECRET!
);
const redirectUri = `${process.env.HOST}/auth/callback`;
// get the authorization URL and redirect the user to the IdP login page
app.get("/auth/login", (req, res) => {
const authUrl = scalekitClient.getAuthorizationUrl(
redirectUri,
{
state: "state",
connectionId: "connection_id",
}
);
res.redirect(authUrl);
});
// handle the callback from Scalekit
app.get("/auth/callback", async (req, res) => {
const { code, error, error_description, idp_initiated_login } = req.query;
// handle error
if (error) {
return res.status(400).json({ error, error_description });
}
// handle IdP initiated login
if (idp_initiated_login) {
// get the claims from the IdP initiated login
const {
connection_id,
organization_id,
login_hint,
relay_state
} = await scalekitClient.getIdpInitiatedLoginClaims(idp_initiated_login as string);
// get the authorization URL and redirect the user to the IdP login page
const url = scalekitClient.getAuthorizationUrl(
redirectUri,
{
connectionId: connection_id,
organizationId: organization_id,
loginHint: login_hint,
...(relay_state && { state: relay_state }),
}
);
return res.redirect(url);
}
const authResp = await scalekitClient.authenticateWithCode(code, redirectUri);
res.cookie("access_token", authResp.accessToken);
return res.json(authResp.accessToken);
});
app.listen(3000, () => {
console.log("Server is running on port 3000");
});| Framework | Repository | Description |
|---|---|---|
| Express.js | scalekit-express-example | Basic Express.js server implementation |
| Next.js | scalekit-nextjs-demo | Modern React/Next.js application |
**Auth.js** | [scalekit-authjs-example](https://github.com/scalekit-developers/scalekit-authjs-example) | Next.js with Auth.js (next-auth v5) |
- SSO Integration — implement enterprise Single Sign-on
- Full Stack Auth — complete authentication solution
- Passwordless Auth — modern authentication flows
- Social Logins — popular social identity providers
- Machine-to-Machine — API authentication
- API Reference — complete API documentation
- Developer Kit — tools and utilities
- API authentication guide — secure API access
- setup Guide — initial platform configuration
- Code examples — ready-to-use code snippets
- Admin Portal Guide — administrative interface
- Launch Checklist — Pre-production checklist
Contributions are welcome! Coming soon: contribution guidelines.
For now:
- Fork this repository
- Create a branch —
git checkout -b fix/my-improvement - Make your changes
- Run tests —
npm test - Open a Pull Request
This project is licensed under the MIT license. See the LICENSE file for more information.